2

Context

I have a web game in JavaScript.

I send scores and achievements with AJAX during the game.

So anyone can view the source code, copy this request and cheat on my game.

Questions

  • Any idea of how prevent this?
  • With a token from server (I never used this system)?

Code

:

$.post('ajax/score.php', {pseudo: $pseudo, score: $score, achiev: $achiev},
    function(data) {
        $('#loader').show().delay(3000).fadeOut(1000);
    }
);

:

if (isset($_POST['pseudo']) &&
    isset($_POST['score']) && 
    isset($_POST['achiev'])) {
    ...
}
Community
  • 1
  • 1
GG.
  • 21,083
  • 14
  • 84
  • 130
  • Only get method can possible,but not in post method.you are using a post method,may be it will helpful - http://stackoverflow.com/questions/1756591/prevent-direct-access-to-file-called-by-ajax-function – devtut Nov 26 '11 at 14:06

1 Answers1

4

As the game is client side, there is no way to ensure that they do not "cheat". There are ways to make it more difficult.

  • Have all calculations performed serverside, and send back tokens...this may not be possible/feasible for your game.
  • Change the code served each time so that it will require more time to "decipher" all the requests.
  • Obfuscate the code...this is only a deterrent.
  • Have "tokens" sent during the game to see if the data matches (for example you can't win the racing game in 5 sec)...this too can be spoofed.

As long as the game is client side, it cannot be "secured".

Eugene
  • 10,957
  • 20
  • 69
  • 97